diff options
Diffstat (limited to 'src/interfaces/libpq/fe-auth.c')
| -rw-r--r-- | src/interfaces/libpq/fe-auth.c | 763 |
1 files changed, 396 insertions, 367 deletions
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index d058ec8ab78..433cc65ded7 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -1,34 +1,34 @@ /*------------------------------------------------------------------------- * * fe-auth.c-- - * The front-end (client) authorization routines + * The front-end (client) authorization routines * * Copyright (c) 1994, Regents of the University of California * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.8 1997/08/12 20:16:21 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.9 1997/09/07 05:03:17 momjian Exp $ * *------------------------------------------------------------------------- */ /* * INTERFACE ROUTINES - * frontend (client) routines: - * fe_sendauth send authentication information - * fe_getauthname get user's name according to the client side - * of the authentication system - * fe_setauthsvc set frontend authentication service - * fe_getauthsvc get current frontend authentication service + * frontend (client) routines: + * fe_sendauth send authentication information + * fe_getauthname get user's name according to the client side + * of the authentication system + * fe_setauthsvc set frontend authentication service + * fe_getauthsvc get current frontend authentication service * * * */ #include <stdio.h> #include <string.h> -#include <sys/param.h> /* for MAXHOSTNAMELEN on most */ +#include <sys/param.h> /* for MAXHOSTNAMELEN on most */ #ifndef MAXHOSTNAMELEN -#include <netdb.h> /* for MAXHOSTNAMELEN on some */ +#include <netdb.h> /* for MAXHOSTNAMELEN on some */ #endif #include <unistd.h> #include <sys/types.h> @@ -47,12 +47,12 @@ *---------------------------------------------------------------- */ -struct authsvc { - char name[16]; /* service nickname (for command line) */ - MsgType msgtype; /* startup packet header type */ - int allowed; /* initially allowed (before command line - * option parsing)? - */ +struct authsvc +{ + char name[16]; /* service nickname (for command line) */ + MsgType msgtype; /* startup packet header type */ + int allowed; /* initially allowed (before command line + * option parsing)? */ }; /* @@ -67,24 +67,24 @@ struct authsvc { */ static struct authsvc authsvcs[] = { #ifdef KRB4 - { "krb4", STARTUP_KRB4_MSG, 1 }, - { "kerberos", STARTUP_KRB4_MSG, 1 }, -#endif /* KRB4 */ + {"krb4", STARTUP_KRB4_MSG, 1}, + {"kerberos", STARTUP_KRB4_MSG, 1}, +#endif /* KRB4 */ #ifdef KRB5 - { "krb5", STARTUP_KRB5_MSG, 1 }, - { "kerberos", STARTUP_KRB5_MSG, 1 }, -#endif /* KRB5 */ - { UNAUTHNAME, STARTUP_MSG, + {"krb5", STARTUP_KRB5_MSG, 1}, + {"kerberos", STARTUP_KRB5_MSG, 1}, +#endif /* KRB5 */ + {UNAUTHNAME, STARTUP_MSG, #if defined(KRB4) || defined(KRB5) - 0 -#else /* !(KRB4 || KRB5) */ - 1 -#endif /* !(KRB4 || KRB5) */ - }, - { "password", STARTUP_PASSWORD_MSG, 0 } + 0 +#else /* !(KRB4 || KRB5) */ + 1 +#endif /* !(KRB4 || KRB5) */ + }, + {"password", STARTUP_PASSWORD_MSG, 0} }; -static n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc); +static n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc); #ifdef KRB4 /*---------------------------------------------------------------- @@ -95,8 +95,8 @@ static n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc); #include "krb.h" /* for some reason, this is not defined in krb.h ... */ -extern char *tkt_string(void); - +extern char *tkt_string(void); + /* * pg_krb4_init -- initialization performed before any Kerberos calls are made * @@ -104,60 +104,63 @@ extern char *tkt_string(void); * ticket file if we want them to see a special one. (They will open the file * themselves.) */ -static void pg_krb4_init() +static void +pg_krb4_init() { - char *realm; - static init_done = 0; - - if (init_done) - return; - init_done = 1; - - /* - * If the user set PGREALM, then we use a ticket file with a special - * name: <usual-ticket-file-name>@<PGREALM-value> - */ - if (realm = getenv("PGREALM")) { - char tktbuf[MAXPATHLEN]; - - (void) sprintf(tktbuf, "%s@%s", tkt_string(), realm); - krb_set_tkt_string(tktbuf); - } + char *realm; + static init_done = 0; + + if (init_done) + return; + init_done = 1; + + /* + * If the user set PGREALM, then we use a ticket file with a special + * name: <usual-ticket-file-name>@<PGREALM-value> + */ + if (realm = getenv("PGREALM")) + { + char tktbuf[MAXPATHLEN]; + + (void) sprintf(tktbuf, "%s@%s", tkt_string(), realm); + krb_set_tkt_string(tktbuf); + } } /* * pg_krb4_authname -- returns a pointer to static space containing whatever - * name the user has authenticated to the system + * name the user has authenticated to the system * * We obtain this information by digging around in the ticket file. */ -static char * -pg_krb4_authname(char* PQerrormsg) +static char * +pg_krb4_authname(char *PQerrormsg) { - char instance[INST_SZ]; - char realm[REALM_SZ]; - int status; - static char name[SNAME_SZ+1] = ""; - - if (name[0]) - return(name); - - pg_krb4_init(); - - name[SNAME_SZ] = '\0'; - status = krb_get_tf_fullname(tkt_string(), name, instance, realm); - if (status != KSUCCESS) { - (void) sprintf(PQerrormsg, - "pg_krb4_authname: krb_get_tf_fullname: %s\n", - krb_err_txt[status]); - return((char *) NULL); - } - return(name); + char instance[INST_SZ]; + char realm[REALM_SZ]; + int status; + static char name[SNAME_SZ + 1] = ""; + + if (name[0]) + return (name); + + pg_krb4_init(); + + name[SNAME_SZ] = '\0'; + status = krb_get_tf_fullname(tkt_string(), name, instance, realm); + if (status != KSUCCESS) + { + (void) sprintf(PQerrormsg, + "pg_krb4_authname: krb_get_tf_fullname: %s\n", + krb_err_txt[status]); + return ((char *) NULL); + } + return (name); } /* * pg_krb4_sendauth -- client routine to send authentication information to - * the server + * the server * * This routine does not do mutual authentication, nor does it return enough * information to do encrypted connections. But then, if we want to do @@ -170,48 +173,50 @@ pg_krb4_authname(char* PQerrormsg) * (canonicalized to omit all domain suffixes). */ static int -pg_krb4_sendauth(const char* PQerrormsg, int sock, - struct sockaddr_in *laddr, - struct sockaddr_in *raddr, - const char *hostname) +pg_krb4_sendauth(const char *PQerrormsg, int sock, + struct sockaddr_in * laddr, + struct sockaddr_in * raddr, + const char *hostname) { - long krbopts = 0; /* one-way authentication */ - KTEXT_ST clttkt; - int status; - char hostbuf[MAXHOSTNAMELEN]; - const char *realm = getenv("PGREALM"); /* NULL == current realm */ - - if (!hostname || !(*hostname)) { - if (gethostname(hostbuf, MAXHOSTNAMELEN) < 0) - strcpy(hostbuf, "localhost"); - hostname = hostbuf; - } - - pg_krb4_init(); - - status = krb_sendauth(krbopts, - sock, - &clttkt, - PG_KRB_SRVNAM, - hostname, - realm, - (u_long) 0, - (MSG_DAT *) NULL, - (CREDENTIALS *) NULL, - (Key_schedule *) NULL, - laddr, - raddr, - PG_KRB4_VERSION); - if (status != KSUCCESS) { - (void) sprintf(PQerrormsg, - "pg_krb4_sendauth: kerberos error: %s\n", - krb_err_txt[status]); - return(STATUS_ERROR); - } - return(STATUS_OK); + long krbopts = 0;/* one-way authentication */ + KTEXT_ST clttkt; + int status; + char hostbuf[MAXHOSTNAMELEN]; + const char *realm = getenv("PGREALM"); /* NULL == current realm */ + + if (!hostname || !(*hostname)) + { + if (gethostname(hostbuf, MAXHOSTNAMELEN) < 0) + strcpy(hostbuf, "localhost"); + hostname = hostbuf; + } + + pg_krb4_init(); + + status = krb_sendauth(krbopts, + sock, + &clttkt, + PG_KRB_SRVNAM, + hostname, + realm, + (u_long) 0, + (MSG_DAT *) NULL, + (CREDENTIALS *) NULL, + (Key_schedule *) NULL, + laddr, + raddr, + PG_KRB4_VERSION); + if (status != KSUCCESS) + { + (void) sprintf(PQerrormsg, + "pg_krb4_sendauth: kerberos error: %s\n", + krb_err_txt[status]); + return (STATUS_ERROR); + } + return (STATUS_OK); } -#endif /* KRB4 */ +#endif /* KRB4 */ #ifdef KRB5 /*---------------------------------------------------------------- @@ -223,25 +228,25 @@ pg_krb4_sendauth(const char* PQerrormsg, int sock, /* * pg_an_to_ln -- return the local name corresponding to an authentication - * name + * name * * XXX Assumes that the first aname component is the user name. This is NOT - * necessarily so, since an aname can actually be something out of your - * worst X.400 nightmare, like - * ORGANIZATION=U. C. Berkeley/NAME=Paul M. Aoki@CS.BERKELEY.EDU - * Note that the MIT an_to_ln code does the same thing if you don't - * provide an aname mapping database...it may be a better idea to use - * krb5_an_to_ln, except that it punts if multiple components are found, - * and we can't afford to punt. + * necessarily so, since an aname can actually be something out of your + * worst X.400 nightmare, like + * ORGANIZATION=U. C. Berkeley/NAME=Paul M. Aoki@CS.BERKELEY.EDU + * Note that the MIT an_to_ln code does the same thing if you don't + * provide an aname mapping database...it may be a better idea to use + * krb5_an_to_ln, except that it punts if multiple components are found, + * and we can't afford to punt. */ -static char * +static char * pg_an_to_ln(const char *aname) { - char *p; - - if ((p = strchr(aname, '/')) || (p = strchr(aname, '@'))) - *p = '\0'; - return(aname); + char *p; + + if ((p = strchr(aname, '/')) || (p = strchr(aname, '@'))) + *p = '\0'; + return (aname); } @@ -251,85 +256,92 @@ pg_an_to_ln(const char *aname) * With v5, we can no longer set the ticket (credential cache) file name; * we now have to provide a file handle for the open (well, "resolved") * ticket file everywhere. - * + * */ static int -krb5_ccache pg_krb5_init(void) +krb5_ccache +pg_krb5_init(void) { - krb5_error_code code; - char *realm, *defname; - char tktbuf[MAXPATHLEN]; - static krb5_ccache ccache = (krb5_ccache) NULL; - - if (ccache) - return(ccache); - - /* - * If the user set PGREALM, then we use a ticket file with a special - * name: <usual-ticket-file-name>@<PGREALM-value> - */ - if (!(defname = krb5_cc_default_name())) { - (void) sprintf(PQerrormsg, - "pg_krb5_init: krb5_cc_default_name failed\n"); - return((krb5_ccache) NULL); - } - strcpy(tktbuf, defname); - if (realm = getenv("PGREALM")) { - strcat(tktbuf, "@"); - strcat(tktbuf, realm); - } - - if (code = krb5_cc_resolve(tktbuf, &ccache)) { - (void) sprintf(PQerrormsg, - "pg_krb5_init: Kerberos error %d in krb5_cc_resolve\n", - code); - com_err("pg_krb5_init", code, "in krb5_cc_resolve"); - return((krb5_ccache) NULL); - } - return(ccache); + krb5_error_code code; + char *realm, + *defname; + char tktbuf[MAXPATHLEN]; + static krb5_ccache ccache = (krb5_ccache) NULL; + + if (ccache) + return (ccache); + + /* + * If the user set PGREALM, then we use a ticket file with a special + * name: <usual-ticket-file-name>@<PGREALM-value> + */ + if (!(defname = krb5_cc_default_name())) + { + (void) sprintf(PQerrormsg, + "pg_krb5_init: krb5_cc_default_name failed\n"); + return ((krb5_ccache) NULL); + } + strcpy(tktbuf, defname); + if (realm = getenv("PGREALM")) + { + strcat(tktbuf, "@"); + strcat(tktbuf, realm); + } + + if (code = krb5_cc_resolve(tktbuf, &ccache)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_init: Kerberos error %d in krb5_cc_resolve\n", + code); + com_err("pg_krb5_init", code, "in krb5_cc_resolve"); + return ((krb5_ccache) NULL); + } + return (ccache); } /* * pg_krb5_authname -- returns a pointer to static space containing whatever - * name the user has authenticated to the system + * name the user has authenticated to the system * * We obtain this information by digging around in the ticket file. */ static const char * -pg_krb5_authname(const char* PQerrormsg) +pg_krb5_authname(const char *PQerrormsg) { - krb5_ccache ccache; - krb5_principal principal; - krb5_error_code code; - static char *authname = (char *) NULL; - - if (authname) - return(authname); - - ccache = pg_krb5_init(); /* don't free this */ - - if (code = krb5_cc_get_principal(ccache, &principal)) { - (void) sprintf(PQerrormsg, - "pg_krb5_authname: Kerberos error %d in krb5_cc_get_principal\n", - code); - com_err("pg_krb5_authname", code, "in krb5_cc_get_principal"); - return((char *) NULL); - } - if (code = krb5_unparse_name(principal, &authname)) { - (void) sprintf(PQerrormsg, - "pg_krb5_authname: Kerberos error %d in krb5_unparse_name\n", - code); - com_err("pg_krb5_authname", code, "in krb5_unparse_name"); + krb5_ccache ccache; + krb5_principal principal; + krb5_error_code code; + static char *authname = (char *) NULL; + + if (authname) + return (authname); + + ccache = pg_krb5_init(); /* don't free this */ + + if (code = krb5_cc_get_principal(ccache, &principal)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_authname: Kerberos error %d in krb5_cc_get_principal\n", + code); + com_err("pg_krb5_authname", code, "in krb5_cc_get_principal"); + return ((char *) NULL); + } + if (code = krb5_unparse_name(principal, &authname)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_authname: Kerberos error %d in krb5_unparse_name\n", + code); + com_err("pg_krb5_authname", code, "in krb5_unparse_name"); + krb5_free_principal(principal); + return ((char *) NULL); + } krb5_free_principal(principal); - return((char *) NULL); - } - krb5_free_principal(principal); - return(pg_an_to_ln(authname)); + return (pg_an_to_ln(authname)); } /* * pg_krb5_sendauth -- client routine to send authentication information to - * the server + * the server * * This routine does not do mutual authentication, nor does it return enough * information to do encrypted connections. But then, if we want to do @@ -337,159 +349,173 @@ pg_krb5_authname(const char* PQerrormsg) * anyway. * * Server hostnames are canonicalized v4-style, i.e., all domain suffixes - * are simply chopped off. Hence, we are assuming that you've entered your + * are simply chopped off. Hence, we are assuming that you've entered your * server instances as - * <value-of-PG_KRB_SRVNAM>/<canonicalized-hostname> - * in the PGREALM (or local) database. This is probably a bad assumption. + * <value-of-PG_KRB_SRVNAM>/<canonicalized-hostname> + * in the PGREALM (or local) database. This is probably a bad assumption. */ static int -pg_krb5_sendauth(const char* PQerrormsg,int sock, - struct sockaddr_in *laddr, - struct sockaddr_in *raddr, - const char *hostname) +pg_krb5_sendauth(const char *PQerrormsg, int sock, + struct sockaddr_in * laddr, + struct sockaddr_in * raddr, + const char *hostname) { - char servbuf[MAXHOSTNAMELEN + 1 + - sizeof(PG_KRB_SRVNAM)]; - const char *hostp; - const char *realm; - krb5_error_code code; - krb5_principal client, server; - krb5_ccache ccache; - krb5_error *error = (krb5_error *) NULL; - - ccache = pg_krb5_init(); /* don't free this */ - - /* - * set up client -- this is easy, we can get it out of the ticket - * file. - */ - if (code = krb5_cc_get_principal(ccache, &client)) { - (void) sprintf(PQerrormsg, - "pg_krb5_sendauth: Kerberos error %d in krb5_cc_get_principal\n", - code); - com_err("pg_krb5_sendauth", code, "in krb5_cc_get_principal"); - return(STATUS_ERROR); - } - - /* - * set up server -- canonicalize as described above - */ - strcpy(servbuf, PG_KRB_SRVNAM); - *(hostp = servbuf + (sizeof(PG_KRB_SRVNAM) - 1)) = '/'; - if (hostname || *hostname) { - strncpy(++hostp, hostname, MAXHOSTNAMELEN); - } else { - if (gethostname(++hostp, MAXHOSTNAMELEN) < 0) - strcpy(hostp, "localhost"); - } - if (hostp = strchr(hostp, '.')) - *hostp = '\0'; - if (realm = getenv("PGREALM")) { - strcat(servbuf, "@"); - strcat(servbuf, realm); - } - if (code = krb5_parse_name(servbuf, &server)) { - (void) sprintf(PQerrormsg, - "pg_krb5_sendauth: Kerberos error %d in krb5_parse_name\n", - code); - com_err("pg_krb5_sendauth", code, "in krb5_parse_name"); - krb5_free_principal(client); - return(STATUS_ERROR); - } - - /* - * The only thing we want back from krb5_sendauth is an error status - * and any error messages. - */ - if (code = krb5_sendauth((krb5_pointer) &sock, - PG_KRB5_VERSION, - client, - server, - (krb5_flags) 0, - (krb5_checksum *) NULL, - (krb5_creds *) NULL, - ccache, - (krb5_int32 *) NULL, - (krb5_keyblock **) NULL, - &error, - (krb5_ap_rep_enc_part **) NULL)) { - if ((code == KRB5_SENDAUTH_REJECTED) && error) { - (void) sprintf(PQerrormsg, - "pg_krb5_sendauth: authentication rejected: \"%*s\"\n", - error->text.length, error->text.data); - fputs(PQerrormsg, stderr); - pqdebug("%s", PQerrormsg); - } else { - (void) sprintf(PQerrormsg, - "pg_krb5_sendauth: Kerberos error %d in krb5_sendauth\n", - code); - com_err("pg_krb5_sendauth", code, "in krb5_sendauth"); + char servbuf[MAXHOSTNAMELEN + 1 + + sizeof(PG_KRB_SRVNAM)]; + const char *hostp; + const char *realm; + krb5_error_code code; + krb5_principal client, + server; + krb5_ccache ccache; + krb5_error *error = (krb5_error *) NULL; + + ccache = pg_krb5_init(); /* don't free this */ + + /* + * set up client -- this is easy, we can get it out of the ticket + * file. + */ + if (code = krb5_cc_get_principal(ccache, &client)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: Kerberos error %d in krb5_cc_get_principal\n", + code); + com_err("pg_krb5_sendauth", code, "in krb5_cc_get_principal"); + return (STATUS_ERROR); + } + + /* + * set up server -- canonicalize as described above + */ + strcpy(servbuf, PG_KRB_SRVNAM); + *(hostp = servbuf + (sizeof(PG_KRB_SRVNAM) - 1)) = '/'; + if (hostname || *hostname) + { + strncpy(++hostp, hostname, MAXHOSTNAMELEN); + } + else + { + if (gethostname(++hostp, MAXHOSTNAMELEN) < 0) + strcpy(hostp, "localhost"); + } + if (hostp = strchr(hostp, '.')) + *hostp = '\0'; + if (realm = getenv("PGREALM")) + { + strcat(servbuf, "@"); + strcat(servbuf, realm); + } + if (code = krb5_parse_name(servbuf, &server)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: Kerberos error %d in krb5_parse_name\n", + code); + com_err("pg_krb5_sendauth", code, "in krb5_parse_name"); + krb5_free_principal(client); + return (STATUS_ERROR); + } + + /* + * The only thing we want back from krb5_sendauth is an error status + * and any error messages. + */ + if (code = krb5_sendauth((krb5_pointer) & sock, + PG_KRB5_VERSION, + client, + server, + (krb5_flags) 0, + (krb5_checksum *) NULL, + (krb5_creds *) NULL, + ccache, + (krb5_int32 *) NULL, + (krb5_keyblock **) NULL, + &error, + (krb5_ap_rep_enc_part **) NULL)) + { + if ((code == KRB5_SENDAUTH_REJECTED) && error) + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: authentication rejected: \"%*s\"\n", + error->text.length, error->text.data); + fputs(PQerrormsg, stderr); + pqdebug("%s", PQerrormsg); + } + else + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: Kerberos error %d in krb5_sendauth\n", + code); + com_err("pg_krb5_sendauth", code, "in krb5_sendauth"); + } } - } - krb5_free_principal(client); - krb5_free_principal(server); - return(code ? STATUS_ERROR : STATUS_OK); + krb5_free_principal(client); + krb5_free_principal(server); + return (code ? STATUS_ERROR : STATUS_OK); } -#endif /* KRB5 */ +#endif /* KRB5 */ static int -pg_password_sendauth(Port *port, const char *user, const char *password) +pg_password_sendauth(Port * port, const char *user, const char *password) { - PacketBuf buf; - char *tmp; + PacketBuf buf; + char *tmp; - buf.len = htonl(sizeof(PacketBuf)); - buf.msgtype = STARTUP_PASSWORD_MSG; - buf.data[0] = '\0'; + buf.len = htonl(sizeof(PacketBuf)); + buf.msgtype = STARTUP_PASSWORD_MSG; + buf.data[0] = '\0'; - tmp = buf.data; - strncpy(tmp, user, strlen(user)+1); - tmp += strlen(user)+1; - strncpy(tmp, password, strlen(password)+1); + tmp = buf.data; + strncpy(tmp, user, strlen(user) + 1); + tmp += strlen(user) + 1; + strncpy(tmp, password, strlen(password) + 1); - return packetSend(port, &buf, sizeof(PacketBuf), BLOCKING); + return packetSend(port, &buf, sizeof(PacketBuf), BLOCKING); } /* * fe_sendauth -- client demux routine for outgoing authentication information */ int -fe_sendauth(MsgType msgtype, Port *port, const char *hostname, - const char *user, const char *password, const char* PQerrormsg) +fe_sendauth(MsgType msgtype, Port * port, const char *hostname, + const char *user, const char *password, const char *PQerrormsg) { - switch (msgtype) { + switch (msgtype) + { #ifdef KRB4 - case STARTUP_KRB4_MSG: - if (pg_krb4_sendauth(PQerrormsg, port->sock, &port->laddr, - &port->raddr, - hostname) != STATUS_OK) { - (void) sprintf(PQerrormsg, - "fe_sendauth: krb4 authentication failed\n"); -/* fputs(PQerrormsg, stderr); */ - return(STATUS_ERROR); - } - break; + case STARTUP_KRB4_MSG: + if (pg_krb4_sendauth(PQerrormsg, port->sock, &port->laddr, + &port->raddr, + hostname) != STATUS_OK) + { + (void) sprintf(PQerrormsg, + "fe_sendauth: krb4 authentication failed\n"); +/* fputs(PQerrormsg, stderr); */ + return (STATUS_ERROR); + } + break; #endif #ifdef KRB5 - case STARTUP_KRB5_MSG: - if (pg_krb5_sendauth(PQerrormsg,port->sock, &port->laddr, - &port->raddr, - hostname) != STATUS_OK) { - (void) sprintf(PQerrormsg, - "fe_sendauth: krb5 authentication failed\n"); - return(STATUS_ERROR); - } - break; + case STARTUP_KRB5_MSG: + if (pg_krb5_sendauth(PQerrormsg, port->sock, &port->laddr, + &port->raddr, + hostname) != STATUS_OK) + { + (void) sprintf(PQerrormsg, + "fe_sendauth: krb5 authentication failed\n"); + return (STATUS_ERROR); + } + break; #endif - case STARTUP_MSG: - break; - case STARTUP_PASSWORD_MSG: - pg_password_sendauth(port, user, password); - default: - break; - } - return(STATUS_OK); + case STARTUP_MSG: + break; + case STARTUP_PASSWORD_MSG: + pg_password_sendauth(port, user, password); + default: + break; + } + return (STATUS_OK); } /* @@ -499,74 +525,77 @@ fe_sendauth(MsgType msgtype, Port *port, const char *hostname, * Set/return the authentication service currently selected for use by the * frontend. (You can only use one in the frontend, obviously.) */ -static pg_authsvc = -1; +static pg_authsvc = -1; void -fe_setauthsvc(const char *name, char* PQerrormsg) +fe_setauthsvc(const char *name, char *PQerrormsg) { - int i; - - for (i = 0; i < n_authsvcs; ++i) - if (!strcmp(name, authsvcs[i].name)) { - pg_authsvc = i; - break; + int i; + + for (i = 0; i < n_authsvcs; ++i) + if (!strcmp(name, authsvcs[i].name)) + { + pg_authsvc = i; + break; + } + if (i == n_authsvcs) + { + (void) sprintf(PQerrormsg, + "fe_setauthsvc: invalid name: %s, ignoring...\n", + name); } - if (i == n_authsvcs) { - (void) sprintf(PQerrormsg, - "fe_setauthsvc: invalid name: %s, ignoring...\n", - name); - } - return; + return; } MsgType -fe_getauthsvc(char* PQerrormsg) +fe_getauthsvc(char *PQerrormsg) { - if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs) - fe_setauthsvc(DEFAULT_CLIENT_AUTHSVC,PQerrormsg); - return(authsvcs[pg_authsvc].msgtype); + if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs) + fe_setauthsvc(DEFAULT_CLIENT_AUTHSVC, PQerrormsg); + return (authsvcs[pg_authsvc].msgtype); } /* * fe_getauthname -- returns a pointer to dynamic space containing whatever - * name the user has authenticated to the system + * name the user has authenticated to the system * if there is an error, return the error message in PQerrormsg */ -char* -fe_getauthname(char* PQerrormsg) +char * +fe_getauthname(char *PQerrormsg) { - char *name = (char *) NULL; - char *authn = (char *) NULL; - MsgType authsvc; - - authsvc = fe_getauthsvc(PQerrormsg); - switch ((int) authsvc) { + char *name = (char *) NULL; + char *authn = (char *) NULL; + MsgType authsvc; + + authsvc = fe_getauthsvc(PQerrormsg); + switch ((int) authsvc) + { #ifdef KRB4 - case STARTUP_KRB4_MSG: - name = pg_krb4_authname(PQerrormsg); - break; + case STARTUP_KRB4_MSG: + name = pg_krb4_authname(PQerrormsg); + break; #endif #ifdef KRB5 - case STARTUP_KRB5_MSG: - name = pg_krb5_authname(PQerrormsg); - break; + case STARTUP_KRB5_MSG: + name = pg_krb5_authname(PQerrormsg); + break; #endif - case STARTUP_MSG: - { - struct passwd *pw = getpwuid(geteuid()); - if (pw) name = pw->pw_name; + case STARTUP_MSG: + { + struct passwd *pw = getpwuid(geteuid()); + + if (pw) + name = pw->pw_name; + } + break; + default: + (void) sprintf(PQerrormsg, + "fe_getauthname: invalid authentication system: %d\n", + authsvc); + break; } - break; - default: - (void) sprintf(PQerrormsg, - "fe_getauthname: invalid authentication system: %d\n", - authsvc); - break; - } - - if(name && (authn = (char *) malloc(strlen(name) + 1))) - strcpy(authn, name); - return(authn); -} - + if (name && (authn = (char *) malloc(strlen(name) + 1))) + strcpy(authn, name); + return (authn); +} |